Redundant Data Leaves Ashley Madison Red-Faced

Information governance and security is paramount for any organisation handling private data. This is especially true for companies whose very business model is based upon discretion.

Online affairs website Ashley Madison exposed a little more than expected this week when a hacking group called ‘The Impact Team’ threatened to release the account data of its 38 million users. The hackers main point of contention does not lie with the infidelity of Ashley Madison users, but with the website’s policy of charging users £15 to carry out a full delete of their data — while often retaining credit card information and private addresses.

The hackers demand that Avid Life takes Ashley Madison offline permanently, and has no doubt prompted all of the websites users to question the validity of Ashley Madison’s ‘Trusted Security Award.’

While your organisation may not handle data as intimate as Ashley Madison does, this kind of security nightmare will hit close to home for some businesses. In the past three years, 14% of companies have had a data breach.

While these data breaches vary in severity, many would argue that even a little leaked data is too much. So what are the repercussions for poor information management?

Customer confidence forms the backbone of any business, and could not be more imperative in the online market place. Without it, people will stop ordering goods from Amazon, booking holidays through Travel Supermarket, or arranging affairs through Ashley Madison. Users trust websites with their most private information and will lose complete confidence in them if this information is mismanaged.

But before we grab our pitchforks, it’s important to understand that data deletion is not as straightforward as it may seem. There are enormous commercial pressures within companies to keep valuable user data, as well as legal and compliance requirements concerning backup data. It can be expensive and complex to completely erase data and is made even more difficult if you have a poor or haphazard set of databases with ad-hoc links and multiple processes.